[syslog-ng]parsing the message field

Dave Johnson syslog-ng@lists.balabit.hu
Thu, 28 Oct 2004 18:37:16 -0500


That sounds similar to what we were thinking initially, but we then ended
up with flat-file storage and doing standard end-of-day reports
instead, as the Unix shell was a more natural fit (for us) [as well as Perl
scripts].


On Mon, 25 Oct 2004 20:11:11 -0400, Joseph Deck <jdeck@wittenberg.edu> wrote:
> All,
> 
> We have installed syslog-ng on our Unix systems and are pointing them, some
> network devices, and some Windows system events at a central syslog-ng
> server.  The central server is currently piping the information to a MySQL
> database.  Each incoming device writes to its own table in the database.  A
> modification to this we would like to accomplish is to key various pieces
> of information stored in the "message" field.
> 
> For example, syslog messages sent from the mail servers will contain the
> sender, recipient, and delivery status in the "message" field.  Our thought is
> to key these pieces of information for quick lookup.  Some of the systems
> (Cisco PIX) are sending up to 5 GB of information a day, which is another
> reason to key the information.
> 
> Our current thought is to send the output of syslog-ng to a Perl script
> which will parse the message field based upon the source.  The Perl script
> would then write it to the database.
> 
> Is there a better approach?  Any suggestions would be appreciated.
> 
> Joseph G. Deck
> Director of Computing Services
> Wittenberg University
> Phone: (937) 525-3800
> Fax:     (937) 327-7372
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
>
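The design Joseph proposes above (syslog-ng hands each line to a script, the script picks a parser by source, pulls the keyed fields out of the message and writes them to the database) as an added example; this is not code from the thread or from the syslog-ng project. The thread talks about Perl, this is Python, and SQLite stands in for MySQL so it runs offline. Everything about the input is an assumption: that syslog-ng feeds the script through a program() destination with a tab-separated "$HOST $PROGRAM $MSG" template, the host names mail1/pix1/web1, and the simplified mail and PIX connection lines, which are constructed samples rather than captured logs. The check a practitioner wants here is that log content is untrusted input, since anyone who can reach the collector chooses what the message field contains: every value lifted from a line is bound as a query parameter and never spliced into SQL text, and lines no parser understands are kept in an unparsed table instead of being dropped.

```python
#!/usr/bin/env python3
"""Per-source parsing of the syslog "message" field before it reaches the DB.

Added example, not code from the thread. Assumptions (not from the thread):
  * syslog-ng hands each message to this script through a program() destination
    with a template of the form "$HOST\\t$PROGRAM\\t$MSG" (one line per message);
  * SQLite stands in for the MySQL database in the thread so this runs offline;
  * the mail and PIX line formats below are constructed, simplified samples.
"""
import re
import sqlite3
from typing import Callable, Dict, Iterable, Optional, Tuple

# Constructed sample input (not real logs). The fourth line carries a
# SQL-looking sender address to show that log content is untrusted input.
SAMPLE_LINES = [
    "mail1\tsmtpd\tfrom=<alice@example.edu>, to=<bob@example.org>, stat=Sent (250 ok)",
    "mail1\tsmtpd\tfrom=<alice@example.edu>, to=<carol@example.net>, stat=Deferred (timeout)",
    "pix1\tpix\t%PIX-6-302013: Built outbound TCP connection 7 for outside:192.0.2.10/80 "
    "(192.0.2.10/80) to inside:10.0.0.5/51234 (10.0.0.5/51234)",
    "mail1\tsmtpd\tfrom=<x'; DROP TABLE mail; --@evil.example>, to=<bob@example.org>, stat=Rejected",
    "web1\thttpd\tno parser registered for this host",
    "line without the expected tab separators",
]

SCHEMA = """
CREATE TABLE mail (host TEXT, sender TEXT, recipient TEXT, status TEXT);
CREATE INDEX mail_sender ON mail(sender);        -- the "keys" the thread asks for
CREATE INDEX mail_recipient ON mail(recipient);
CREATE TABLE pix_conn (host TEXT, msg_id TEXT, direction TEXT, proto TEXT, conn_id INTEGER,
                       src_if TEXT, src TEXT, sport INTEGER, dst_if TEXT, dst TEXT, dport INTEGER);
CREATE INDEX pix_conn_src ON pix_conn(src);
CREATE INDEX pix_conn_dst ON pix_conn(dst, dport);
CREATE TABLE unparsed (host TEXT, program TEXT, msg TEXT);  -- never silently drop a line
"""

Parsed = Tuple[str, Dict[str, object]]  # (table name, column -> value)

MAIL_RE = re.compile(
    r"from=<(?P<sender>[^>]*)>, to=<(?P<recipient>[^>]*)>, stat=(?P<status>.*)$"
)
PIX_CONN_RE = re.compile(
    r"(?:%PIX-\d-(?P<msg_id>\d+): )?"
    r"Built (?P<direction>inbound|outbound) (?P<proto>TCP|UDP) connection (?P<conn_id>\d+) "
    r"for (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) \([^)]*\) "
    r"to (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse_mail(msg: str) -> Optional[Parsed]:
    """Constructed, simplified mail delivery line -> mail table row."""
    m = MAIL_RE.match(msg)
    return ("mail", dict(m.groupdict())) if m else None


def parse_pix(msg: str) -> Optional[Parsed]:
    """PIX 302013-style connection build-up line -> pix_conn row."""
    m = PIX_CONN_RE.match(msg)
    if not m:
        return None
    row: Dict[str, object] = dict(m.groupdict())
    for col in ("conn_id", "sport", "dport"):
        row[col] = int(row[col])  # numeric columns so range queries work
    return ("pix_conn", row)


# Dispatch on the source host, as the thread proposes.
PARSERS: Dict[str, Callable[[str], Optional[Parsed]]] = {
    "mail1": parse_mail,
    "pix1": parse_pix,
}


def insert(conn: sqlite3.Connection, table: str, row: Dict[str, object]) -> None:
    """Table and column names come from our own code (regex group names);
    every value taken from the log line is bound as a parameter, so a crafted
    message cannot alter the SQL statement."""
    cols = list(row)
    sql = "INSERT INTO %s (%s) VALUES (%s)" % (
        table, ", ".join(cols), ", ".join("?" for _ in cols))
    conn.execute(sql, [row[c] for c in cols])


def load(lines: Iterable[str], conn: sqlite3.Connection) -> Dict[str, int]:
    """Parse each line by source and store it; returns rows written per table."""
    counts = {"mail": 0, "pix_conn": 0, "unparsed": 0}
    for line in lines:
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3:  # not in the template format: keep it raw
            table, row = "unparsed", {"host": "", "program": "", "msg": line}
        else:
            host, program, msg = parts
            parser = PARSERS.get(host)
            parsed = parser(msg) if parser else None
            if parsed is None:
                table, row = "unparsed", {"host": host, "program": program, "msg": msg}
            else:
                table, row = parsed
                row["host"] = host
        insert(conn, table, row)
        counts[table] += 1
    conn.commit()
    return counts


def run_sample() -> Tuple[sqlite3.Connection, Dict[str, int]]:
    """Load the constructed sample into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn, load(SAMPLE_LINES, conn)


if __name__ == "__main__":
    db, written = run_sample()
    print(written)
    for sender, recipient, status in db.execute(
            "SELECT sender, recipient, status FROM mail WHERE recipient = ?",
            ("bob@example.org",)):
        print(sender, recipient, status)
```

In production the script would read sys.stdin line by line instead of SAMPLE_LINES and open the real database; the dispatch table is where each new source (a second mail host, a different firewall) gets its own parser, and anything arriving from a host without one still lands in unparsed so a parser can be written for it later without losing data.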